reddb-io-server 1.15.0

RedDB server-side engine: storage, runtime, replication, MCP, AI, and the gRPC/HTTP/RedWire/PG-wire dispatchers. Re-exported by the umbrella `reddb` crate.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

//! Key Management for RedDB Encryption
//!
//! Handles secure storage and derivation of encryption keys.
//! Ensures keys are zeroed out from memory when dropped.

use std::ptr;

/// A securely managed encryption key
pub struct SecureKey {
    data: Box<[u8]>,
}

impl SecureKey {
    /// Create a new secure key from raw bytes
    pub fn new(data: &[u8]) -> Self {
        Self { data: data.into() }
    }

    /// Access the raw key bytes
    pub fn as_bytes(&self) -> &[u8] {
        &self.data
    }
}

impl Drop for SecureKey {
    fn drop(&mut self) {
        // Volatile zeroing to prevent compiler optimization
        unsafe {
            ptr::write_volatile(self.data.as_mut_ptr(), 0);
            for i in 1..self.data.len() {
                ptr::write_volatile(self.data.as_mut_ptr().add(i), 0);
            }
        }
        // Memory fence to ensure writes happen before deallocation
        std::sync::atomic::compiler_fence(std::sync::atomic::Ordering::SeqCst);
    }
}

impl Clone for SecureKey {
    fn clone(&self) -> Self {
        Self::new(&self.data)
    }
}

impl std::fmt::Debug for SecureKey {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        write!(f, "SecureKey(***)")
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_secure_key_zeroing() {
        let key = SecureKey::new(b"secret");
        drop(key);
        // Can't easily check memory after drop safely in Rust tests without UB,
        // but we trust the implementation logic.
    }
}